I just released a new version of Mobile Security Framework, an open
source framework capable of performing end to end security testing of
mobile applications.
Mobile Security Framework (MobSF) is an all-in-one open source mobile
application (Android/iOS) automated pen-testing framework capable of
performing static and dynamic analysis. It can be used for effective
and fast security analysis of Android and iOS Applications and
supports both binaries (APK & IPA) and zipped source code. MobSF can
also do Web API Security testing with it's API Fuzzer that performs
Information Gathering, analyze Security Headers, identify Mobile API
specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and
other logical issues related to Session Management and API Rate
Limiting.
Lots of new Features including:
* Improved and Responsive UI
* Live Device/VM ScreenCast on Dynamic Analyzer view
* Dynamic SSL Testing
* Exported Activity Tester and PoC Generation
* All new REST API Fuzzer for Security Testing backend servers of
Hybrid Mobile Apps
* Custom VM and Android Device Support for MobSF Dynamic Analysis
* Updated Static Analyzer rule set.
* Recent Scan View
* Improved Web Proxy, Error Handling and Dynamic Analyzer logic.
* Anti Emulator Check Bypass.
Download
https://github.com/
Slides from my talk @ nullcon
http://www.slideshare.net/
Documentation
https://github.com/
Video Course
https://opsecx.com/index.php/
Regards,
Ajin Abraham,
Security Researcher
Linkedin: https://in.linkedin.com/in/
Twitter: https://twitter.com/
Web: http://opensecurity.in
------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------
Komentarų nėra:
Rašyti komentarą